<html><body><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000"><div>Wife ordered Xfinity business at 50/10. This has given me an opportunity to rebuild my network. I have daughters 13 and 11. Everyone but me complains about "streaming movies". They are also out in a week and for my SSH sanity I need to lock everyone down.</div><div><br data-mce-bogus="1"></div><div>Here are my thoughts.</div><div><br data-mce-bogus="1"></div><div>1. DHCP provides addresses by MAC, not much in a pool.</div><div><br data-mce-bogus="1"></div><div>2. 192.168.1.0/24 is subdivided into subnets. </div><div> 2.1. "Enterprise". Servers, my desktop, services, etc.</div><div> 2.2. Entertainment. XboxOne, WiiU, etc.</div><div> 2.3. Each daughter gets their own cut of the 192.168.1.0/24.</div><div><br></div><div>3. SSH needs TOP BILLING. I type fast. Followed by OpenVPN and Vtun. All that will happen within 2.1, but SSH needs to defeat all Netflix.</div><div><br data-mce-bogus="1"></div><div>I've just received a Ubiquiti AP. This is just an AP. It will be the only AP. I'll use my own cable modem and then Linux will route between the private and the public.</div><div><br data-mce-bogus="1"></div><div>Purpose of 2.3 is so that when punishment occurs we'll simply degrade service (I'm evil) or block their sub. I'll have a web page the wife can log into to dish it out.</div><div><br data-mce-bogus="1"></div><div>I'm going to install squid to proxy for 2.3 and take the SSL as well.</div><div><br data-mce-bogus="1"></div><div>When they are out of school my SSH sessions go downhill fast. </div><div><br data-mce-bogus="1"></div><div>I can do much of this, but I don't have much experience with the complex QoS rules. 
Should I start with a CentOS 7 install or a firewall distro?</div><div><br></div><div>Chris</div></div></body></html>